Slightly OT - i need the proper wording for a signed document

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Sat Nov 3 16:26:09 CET 2018


Hello Juegen.

Am Freitag, den 02.11.2018, 18:27 +0100 schrieb Juergen BRUCKNER:
> Hello Dirk,
> Am 02.11.18 um 15:20 schrieb Dirk Gottschalk via Gnupg-users:
> > You mean, you "tampered" with the file and the signature is still
> > valid? Are you sure? Then Adome does sometging really bad, IMHO.
> > 
> > Such a signature should ensure that the file is unmodified
> > completely.
> > otherwise somebody can modify it in a way that could be used as a
> > backdoor to the signature, at least in theory.
> That is correct, that a signature is valid if there is added a
> timestamp
> AFTER sign the document. Very simplified it uses the same method for
> timestamping as for signing, and it is a kind of 2nd signature on the
> same document. the document is NOT altered or manipulated.

Okay, you're right. When I sign AND timestamp a Document with
LibreOffice, then I'am asked 2 times for my Card-Pin. Seems like the
document is signed first an then the Timestamp. I never gave attention
to this, but your explaination seems to clear up with this phenomenom.

Regards.
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181103/09ff3587/attachment.sig>


More information about the Gnupg-users mailing list